search

rapidsai / miniforge-cuda

https://hub.docker.com/r/rapidsai/miniforge-cuda/
12 stars 9 forks source link

Add a group for conda commands #26

Closed raydouglass closed 1 year ago

raydouglass commented 1 year ago

In order for downstream images to install conda packages as a non-root user, we should install the conda environment & packages writable by a group. So this image will now create a conda group and ensure permissions are set for group access.

Downstream images can reuse this conda group.

Required for https://github.com/rapidsai/docker/issues/539

I tested locally like so:

docker buildx build -f Dockerfile -t rapidsai/mambaforge-cuda-777:cuda11.8.0-base-ubuntu22.04-py3.10 --build-arg CUDA_VER=11.8.0 --build-arg LINUX_VER=ubuntu22.04 --build-arg PYTHON_VER=3.10 .

Then build this Dockerfile:

FROM rapidsai/mambaforge-cuda-777:cuda11.8.0-base-ubuntu22.04-py3.10

RUN useradd -rm -d /home/rapids -s /bin/bash -g conda -u 1001 rapids

USER rapids

RUN mamba install -n base -y curl
raydouglass commented 1 year ago

they suggest utilizing linux groups to provide write access to a global conda installation.

The latest commit now uses a conda group and some chmod/umask commands to control the write/setgid permissions. This appears to work for downstream images.